ipsec

  1. S

    IPF Understanding stateful behaviour of ipfilter in combination with ipsec/strongswan

    Hello, I need some help understanding ipfilter and its stateful behaviour. I have created an ipsec tunnel with strongswan which is policy based. On the bsd router re1.7 it has the IP 10.111.7.254/24. I want to reach the device 10.111.7.1 that is connected to the bsd router. Wan is connected...
  2. subnetspider

    BGP on FreeBSD VPS and OSPF over VPN?

    Hello everyone, Over the last year and a half I have learned a lot about IPv6, but unfortunately I am limited by my available ISPs (only dynamic IPv6 prefixes or prohibitively expensive business contracts). So I was thinking about getting my own ASN and renting a PI /48 IPv6 prefix so I can use...
  3. C

    IPsec: incoming ESP packets dropped

    I am trying to set-up an IPsec based VPN tunnel between my smartphone and my home server (192.168.0.42). The connection is established, but incoming (UDP-encapsulated) ESP packets are dropped on the server side. I'm using OpenIKED for the key exchange. The following output shows the dropped...
  4. Rudy

    Solved NAT + IPSEC ... can't get it to work

    At an office, a FreeBSD router is set up using ipfw and nat. This part works great and has for years. We added an ipsec tunnel for a remote network. I have the tunnel up, and can ping from the internal interface (em1 172.31.0.200) to the remote IP 10.4.4.4, no problem. For the nat, I set up...
  5. alfa

    FreeBSD IPsec enc0 NAT not works this is the problem

    Hi, I have trouble with Ipsec & pf enc0 nat problem. I show you my problematic scenario below any help would be appreciated at this point STRONGSWAN CONFIGURATION alfa7000 { fragmentation = yes unique = replace version = 1 aggressive = no proposals...
  6. patpro

    Config problem with SoftEther VPN

    Hello, I'm trying to setup SoftEther VPN server on a FreeBSD internet gateway (between my home LAN and the Internet). My problem is exactly the same as in the thread "PC-to-LAN connection ok, but…" of softether users forum (https://www.vpnusers.com/viewtopic.php?f=7&t=4542) but I'm running...
  7. B

    strongswan IPSec, bhyve nat-traffic

    Hi, I was able to set up an IPSec/strongswan VPN tunnel and it works great so far (Forum: 67850). Now, I'd like to forward traffic from my bhyve VMs through the tunnel but I am having problems with it. The picture looks like that: (all done on FreeBSD 11.2p4) (*) normal DSL Router with...
  8. J

    Solved In-kernel NAT dropping large UDP return packets

    When a T-Mobile "femto-cell" is trying to establish its IPv4, IPSEC tunnel to the T-Mobile provisioning servers, the 4640-byte return packet is silently dropped by the in-kernel NAT, even though it "matches" the outbound packet from less than 100 ms prior. All other operations of the firewall...
  9. thomas_l

    Open vSwitch for SDN via GRE/IPSEC tunnel

    Hey FreeBSD people, I'm a long term Linux user who would like to include one or more FreeBSD server into his server infrastructure. Last week I set up a virtual management network via Open vSwitch on my Linux machines. This network connects Linux containers over multiple hosts. The network...
  10. N

    Looking for 1on1 help preferably in person (Toronto Area)

    Hello Everyone! I am a regular linux user of about 10 years. I am now looking to learn FreeBSD. icsdhcp,gateways,ipsec and pf, etc. I am using vmware to create my network and finding that I read a doc on dhcp.conf and realize 1h later it's for a version 2 years old and OpenBSD. I would like...
  11. nerozero

    VPN between two networks

    Hello everyone, I'm trying to build my first VPN tunnel between 2 gateways, both running FreeBSD 11.1. my question, is this manual still consistent? Making a tunnel - it's easy, but when I try to apply encryption as it is shown in handbook - tunnel stops working ... according to that manual...
  12. M

    l2tpd troubleshooting on FreeBSD 11.1

    Hi, I am trying to setup IPSEC/L2TP VPN client on FreeBSD 11.1, I got security/strongswan working and I can see it establish the connection, now trying to setup net/l2tpd, Following is the configuration: /usr/local/etc/l2tp/l2tp.conf [global] access control = yes Port = 1701 [lac l2tp] lns =...
  13. D

    PF + IPSEC + NAT

    Hello all, I am struggling here to get a working site-to-site VPN on FreeBSD 10.3-RELEASE-p24. At first I installed security/strongswan from ports (version 5.6.0), and it would not even load its configured connections. So I decided to manually compile security/strongswan 5.5.3 version and...
  14. S

    IPSec VPN LAN-LAN (Site-Site) for site with dynamic gray IP behind NAT

    Hi There is a case: - HQ with fixed white IP - Site with dynamic gray IP behind NAT (!!!) Need to setup IPSec VPN LAN-LAN to connect site to HQ. I've tried Racoon and succeeded with establishing IPSec connection, but LAN-LAN connection wasn't established. The same with StrongSwan - I can see...
  15. S

    Other (about technical) How to achieve IPSec throughput above 2 Gbit/s

    Hello forum, (1) As stated in the subject, how to achieve IPSec throughput above 2 Gbit/s? (2) Has anyone run IPSec and successfully hit IPSec throughput above 2 Gbit/s? (3) Which FreeBSD version would be recommended for this scenario? (4) What should be tuned in /boot/loader.conf ? (Our...
  16. J

    PF VOIP phone IPsec and pf+NAT

    Hello forum. This is a bit of a long shot and I don't have much useful diagnostic information to provide, but I'm otherwise running out of ideas. At home, I have replaced my ISP-supplied VDSL router with a bridging modem and a FreeBSD host running pf. I have a very simple ruleset which NATs...
  17. K

    Solved When to use Openswan?

    Hello! I am trying to look into the whole VPN/IPSec topic. I read the FreeBSD handbook but I am not sure about the different packages. As far as I understand FreeBSD provides IPSec support already. So what's the purpose of a package like OpenSwan. Is OpenSwan a replacement of the "native"...
  18. Donald Baud

    IPsec IKEV2 setup works but where is the interface?

    I set up a simple IPsec IKEv2 vpn. It works fine but how do I get detail about the network information? - Where is the interface tun0 or gif0 or whatever is holding the VPN client's IPs 10.11.12.0/24 - Where is the routing table stored?, I can't see anything different on netstat -rn - I still...
  19. korund

    Routing between jails and physical interfaces

    I'm trying to get the following scheme up and running: What would be a good read to start except of jail man page?
  20. andrian

    How to add an exception in ipsec.conf

    Hi friends. Please help me. How to add an exception network addresses in IPsec.conf? I used security/ipsec-tools and very all good, but string in /etc/IPsec.conf for example: spdadd 0.0.0.0/0 10.0.110.0/24 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require; spdadd 10.0.110.0/24 0.0.0.0/0 any...